EU and UK blacklist Russia’s cyber operators over efforts to destabilize Europe

The EU and the UK jointly sanctioned dozens of Russian individuals and entities, accusing Moscow of coordinating a malicious cyber ecosystem targeting Europe, its member states, and international partners.

EU Russia sanctions

The UK sanctioned 24 individuals and entities, while the EU imposed restrictive measures on nine individuals and four entities.

“Cybercriminals, self-proclaimed hacktivists and private companies linked to Russia, including actors operating under its instructions, direction or control, have also carried out, enabled and facilitated a wide range of malicious activities. We strongly condemn Russia’s behaviour and misuse of this cyber ecosystem, targeting public services and critical infrastructure, causing disruptions and financial losses,” the Council of the EU said.

The Council of the EU attributed multiple cyber espionage and sabotage campaigns to the 16th Centre of Russia’s Federal Security Service (FSB), accusing the unit of directing threat groups including Turla and targeting government networks and critical infrastructure across Europe, including combined heat and power plants in Poland.

On 29 December 2025, attackers targeted more than 30 wind and solar farms, a combined heat and power plant, and a manufacturing company in Poland with previously unseen data-wiping malware designed for operational technology systems. The operation failed to disrupt electricity generation or heat supply.

More recently, Poland blocked a cyberattack targeting the IT infrastructure of the National Centre for Nuclear Research (NCBJ), the country’s leading nuclear research institute.

According to a statement published by the Council, the 16th Centre has spent years targeting government networks and critical infrastructure in France, Germany, Poland, Cyprus, the Netherlands, Austria, Slovakia, Romania, and Finland.

“From directing criminals to targeting businesses, and striking Poland’s energy grid in the depths of winter, the Russian state is sinking to new lows in its attempts to undermine European security,” UK Foreign Secretary Yvette Cooper said.

The UK sanctions also target individuals linked to Lumma Stealer, an information-stealing malware used to steal credentials and other sensitive data from compromised devices.

The UK government said Russia has used credentials obtained through Lumma Stealer to support cyber espionage operations, while the National Crime Agency estimated at least 2,100 UK victims over the past six months.

“We’re sanctioning Russia at speed and scale,” EU High Representative for Foreign Affairs and Security Policy Kaja Kallas wrote on X. “This is our biggest round of individual designations since Moscow’s 2022 full-scale invasion and includes the EU’s largest-ever cyber sanctions package.”

The latest measures follow another round of EU cyber sanctions imposed in March, when the Council sanctioned three companies from China and Iran and two individuals over cyberattacks targeting EU member states and international partners.

Separately, the National Security Agency (NSA) and its partners released guidance on protecting routers against cyber activity attributed to Russia’s FSB Center 16.

Don't miss